
>Any time GnuPG has to deal with such a spammed certificate, GnuPG grinds to a halt.

So the SKS software is only a part of the problem. Another part is GnuPG, which is unable to deal with a public key with many signatures attached.

GnuPG is written in C (not OCaml) and seems to be well maintained. It looks like fixing it could be an effective mitigation against this attack. Or am I missing something?



Not sure how you could fix an OpenPGP client for this case without changing how the keyservers function.


"You're trying to pull more than reasonably supported 1k signatures. Do you want to skip this step?"
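The check proposed in this comment, as an added example that is not part of the original thread and not GnuPG's code: walk the binary packet stream of an OpenPGP transferable public key (RFC 4880 section 4.2 packet framing, tags 2, 6 and 13), count signature packets, and refuse or trim a certificate that carries more than a fixed budget. The 1000-signature limit, the function names and the sample key are assumptions made here; the sample key is constructed inline with placeholder bodies, since only the packet framing matters to the count. A real client would keep self-signatures before third-party ones rather than simply keeping the first N.

```python
"""Client-side signature budget for an OpenPGP public key (added example)."""
import struct

TAG_SIGNATURE = 2
TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
SIGNATURE_LIMIT = 1000   # assumed budget, per the "1k signatures" suggestion


def iter_packets(data: bytes):
    """Yield (tag, body) for every packet in an OpenPGP binary packet stream."""
    pos, end = 0, len(data)
    while pos < end:
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos - 1}")
        if ctb & 0x40:                      # new-format header (RFC 4880 4.2.2)
            tag, body = ctb & 0x3F, bytearray()
            while True:                     # loop handles partial body lengths
                first = data[pos]
                pos += 1
                partial = False
                if first < 192:
                    length = first
                elif first < 224:
                    length = ((first - 192) << 8) + data[pos] + 192
                    pos += 1
                elif first == 255:
                    length = struct.unpack(">I", data[pos:pos + 4])[0]
                    pos += 4
                else:                       # 224..254: partial body length
                    length, partial = 1 << (first & 0x1F), True
                if pos + length > end:
                    raise ValueError("packet body runs past end of stream")
                body += data[pos:pos + length]
                pos += length
                if not partial:
                    break
            yield tag, bytes(body)
        else:                               # old-format header (RFC 4880 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                  # indeterminate: body runs to end of stream
                length = end - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
            if pos + length > end:
                raise ValueError("packet body runs past end of stream")
            yield tag, data[pos:pos + length]
            pos += length


def encode_packet(tag: int, body: bytes) -> bytes:
    """Serialise one packet with a new-format header (no partial lengths)."""
    n = len(body)
    if n < 192:
        hdr = bytes([n])
    elif n < 8384:
        hdr = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + hdr + body


def triage_key(data: bytes, limit: int = SIGNATURE_LIMIT) -> dict:
    """Count signature packets; return a copy with signatures past `limit` dropped."""
    packets = list(iter_packets(data))
    n_sigs = sum(1 for tag, _ in packets if tag == TAG_SIGNATURE)
    kept, seen = [], 0
    for tag, body in packets:
        if tag == TAG_SIGNATURE:
            seen += 1
            if seen > limit:
                continue                    # over budget: do not import this one
        kept.append(encode_packet(tag, body))
    return {"signatures": n_sigs, "over_budget": n_sigs > limit,
            "stripped": b"".join(kept)}


def make_sample_key(n_sigs: int) -> bytes:
    """Constructed stand-in for a transferable public key: primary key packet,
    one user ID and n_sigs signature packets with placeholder bodies."""
    out = [encode_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x00" * 40),
           encode_packet(TAG_USER_ID, b"Alice <alice@example.org>")]
    for i in range(n_sigs):
        out.append(encode_packet(TAG_SIGNATURE,
                                 b"\x04\x10" + i.to_bytes(4, "big") + b"\x00" * 10))
    return b"".join(out)


if __name__ == "__main__":
    for n in (5, 150_000):                  # 150K is the figure from the thread
        r = triage_key(make_sample_key(n))
        kept = sum(1 for t, _ in iter_packets(r["stripped"]) if t == TAG_SIGNATURE)
        print(f"{n:>7} signatures -> over_budget={r['over_budget']}, kept {kept}")
```

The parser is deliberately strict about bodies that run past the end of the stream, because a poisoned certificate is exactly the input an attacker controls; counting before importing also means the cost is one linear pass over the packet headers rather than whatever the verifier does per signature.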


This will protect your machine from being DoS’d, but what if your key is poisoned? Nobody will be able to use it.


Optimize to handle 150K signatures in reasonable time.



